<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">
<html>
        <head>
                <title>Login Page</title>
				<link type="text/css" rel="stylesheet" href="../stylesheet.css" />
        </head>

        <body>
            <h1 class="title">Elliphino's Login</h1>
			<div>
                <form method="" action="">
                    <input value ="Help" type="submit" >
                </form>    
			</div>
            <div class="form">
                <?php
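                        // Login handler: on POST, look up the submitted credentials in the
                        // `users` table and, on a match, populate the session and redirect.
                        //
                        // NOTE(review): session_start() and the header() redirect below both need
                        // to send HTTP headers, but this block runs after the page has already
                        // emitted markup. That only works while PHP output buffering is enabled;
                        // moving this logic above the doctype would remove that dependency.
                        session_start();
                        $_SESSION['flag'] = 0;
                        $_SESSION['promptForKids'] = 0;

                        // Value echoed back into the email field of the form below.
                        $email = '';

                        if ($_SERVER["REQUEST_METHOD"] == "POST")
                        {
                                // A missing or non-string field (e.g. email[]=x) is treated as an
                                // empty string instead of raising a notice or a TypeError.
                                $raw_email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : '';
                                $raw_password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';

                                $email = clean_field ($raw_email);
                                $password = clean_field ($raw_password);

                                // NOTE(review): hard-coded credentials for the MySQL root account.
                                // Use a dedicated least-privilege database user and load its
                                // credentials from configuration kept outside the web root.
                                $username = 'root';
                                $pw = 'password';

                                // Make every mysqli failure throw, so one handler covers connect,
                                // prepare and execute errors regardless of the PHP version default.
                                mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

                                $con = null;
                                try
                                {
                                        //Connect to the database.
                                        $con = mysqli_connect ("localhost", $username, $pw, 'elliphinos');

                                        // NOTE(review): the submitted password is compared directly with
                                        // the stored column, so passwords are evidently kept unhashed.
                                        // Migrate the column to password_hash() output and check it with
                                        // password_verify() instead of matching it in SQL.
                                        //
                                        // Bound parameters keep user input out of the SQL text; the
                                        // HTML escaping done by clean_field() is not SQL escaping.
                                        $stmt = mysqli_prepare($con, "SELECT first_name, last_name FROM users WHERE email = ? AND password = ?");
                                        mysqli_stmt_bind_param($stmt, "ss", $email, $password);
                                        mysqli_stmt_execute($stmt);
                                        mysqli_stmt_store_result($stmt);
                                        mysqli_stmt_bind_result($stmt, $first_name, $last_name);

                                        //If the account exists, the query returns exactly one row.
                                        $authenticated = (mysqli_stmt_num_rows($stmt) == 1) && mysqli_stmt_fetch($stmt);
                                        mysqli_stmt_close($stmt);

                                        if ($authenticated)
                                        {
                                                // Issue a fresh session id on login so an id fixed before
                                                // authentication cannot be reused afterwards.
                                                session_regenerate_id(true);

                                                $_SESSION['email'] = $email;
                                                // NOTE(review): keeping the password in the session exposes it
                                                // in session storage. Retained because other pages may read
                                                // it; remove once that is confirmed not to be the case.
                                                $_SESSION['password'] = $password;
                                                $_SESSION['first_name'] = $first_name;
                                                $_SESSION['last_name'] = $last_name;

                                                //Redirects to a login success page.
                                                if (!headers_sent())
                                                {
                                                        mysqli_close($con);
                                                        header("location: login_redirect.php");
                                                        // Stop here so the login form is not rendered
                                                        // after the redirect has been issued.
                                                        exit;
                                                }
                                        }
                                        else
                                                echo "Invalid username or password.";
                                }
                                catch (mysqli_sql_exception $e)
                                {
                                        // Keep database details in the server log, not in the page.
                                        error_log("Login: database error: " . $e->getMessage());
                                        echo "Login is temporarily unavailable. Please try again later.";
                                }

                                if ($con)
                                        mysqli_close($con);
                        }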

                        /**
                         * Normalises a submitted form value.
                         *
                         * Trims surrounding whitespace, removes backslashes via stripslashes(),
                         * then converts HTML special characters to entities.
                         *
                         * This is HTML escaping only: the result is not safe to splice into
                         * an SQL string.
                         *
                         * @param string $data Raw field value.
                         * @return string The cleaned value.
                         */
                        function clean_field ($data)
                        {
                                return htmlspecialchars(stripslashes(trim($data)));
                        }
						/*
                        function hash_pass ($pass)
                        {
                                $salt = openssl_random_pseudo_bytes(8);
                                $hashed = hash("sha256", $password + $salt);
                                return $hashed;
                        } 
						*/
						
                ?>
                
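                <!-- Login form: posts back to this page. The echoed email is escaped at the
                     point of output (without double-encoding existing entities), and the
                     form is closed before its wrapping div so the elements nest correctly. -->
                <form method="post" action="<?php echo htmlspecialchars($_SERVER["REQUEST_URI"]);?>">
                        <label for="email"><span style="font-size:20pt;">Username(Email):</span></label>
                    <input type="text" id="email" name="email" value="<?php echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8', false);?>" autocomplete="username"> <br>
                        <label for="password"><span style="font-size:20pt;">Password: </span></label
                            ><input type="password" id="password" name="password" value="" autocomplete="current-password">
                    <br>
                        <input type="submit" name="submit" value="Submit">
                </form>
                    </div>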
            <a href="eng_login.php" id="back">Back</a>
        </body>
</html>
